kern/55568: DUMP has access to block devices in a JAIL
mjoyner
mjoyner at rv1.dynip.com
Wed Aug 13 18:10:21 PDT 2003
>Number: 55568
>Category: kern
>Synopsis: DUMP can be used in JAIL
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 13 18:10:18 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: System Administrator
>Release: FreeBSD 5.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD eadmin.dyns.net 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Mon Aug 11 15:53:58 EDT 2003 sysadmin at eadmin.dyns.net:/usr/src/sys/i386/compile/kernel.build.conf i386
>Description:
A jailed root user can use DUMP and gain a snapshot of the entire disk.
From there the jailed root user can restore files from the HOST SYSTEM or any other jails at their leisure.
Even if DEVFS is not mounted, a root user could possibly create a device node anyways, and one needs TTYS anyways.
Some sort of check is not occurring in the disk access code that is needed to prevent JAILED users ANY raw access to the disk.
>How-To-Repeat:
Run DUMP in a jailed environment.
>Fix:
Add security checks on device access to prevent jailed users
from gaining access to things they don't need access to.
If this is a setting which can be changed, the default behavior
needs to be more security conscious, or at least very very very
clearly documented.
>Release-Note:
>Audit-Trail:
>Unformatted:
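
Added example, not part of the original report and not FreeBSD project code: a host-side audit that lists disk-like device nodes visible under a jail's /dev directory, which is the exposure the report describes. The function names and the driver-name list are assumptions chosen for illustration; the list is not exhaustive.

```shell
#!/bin/sh
# Added example: flag disk-like device nodes visible under a jail's /dev.
# The driver-name patterns are an assumption (common FreeBSD disk names).

# Return 0 if NAME looks like a disk, slice or partition node.
is_disk_node_name() {
    case "$1" in
        ad[0-9]*|ada[0-9]*|da[0-9]*|md[0-9]*|nvd[0-9]*|vtbd[0-9]*|mmcsd[0-9]*)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Print every character or block special file directly under DIR whose
# name looks like a disk. Only the top level of DIR is examined.
# Return status: 0 = none found, 1 = at least one found, 2 = bad DIR.
audit_jail_dev() {
    dir=$1
    [ -d "$dir" ] || { echo "audit_jail_dev: not a directory: $dir" >&2; return 2; }
    found=0
    for node in "$dir"/*; do
        # -c and -b follow symlinks, so a link to a disk node is reported too
        if [ -c "$node" ] || [ -b "$node" ]; then
            if is_disk_node_name "${node##*/}"; then
                echo "EXPOSED: $node"
                found=1
            fi
        fi
    done
    return "$found"
}

# When invoked with a path argument, audit that directory.
if [ $# -gt 0 ]; then audit_jail_dev "$1"; fi
```

Run it from the host against each jail's dev directory (the path depends on where the jail root lives); any `EXPOSED:` line means root inside that jail can open the named disk node.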